Forward traffic based on TCP Port - LTM Policy

Hi All, i try to troubleshoot a configuration i can't get working and could use some input here. 
So we have 5 Virtuals all on the same public IP but different ports (20, 21, 22, 990 and 0). The Virtuals are used for filetransfer application and the problem is sitting on the port 0 config. On this one we have a LTM Policy defined that the port needs to be in the range of 1024-1048 or otherwise we send a reset. The idea behind is that FTP transfer is started on the port 21 virtual, then uses a passive port in this range off 1024-1048 and so entering the virtual on port 0. From my view this seems all to be configured correctly but it doesn't work and when taking a TCP Dump we can see in our trace that the traffic is reset by F5 due to the policy.

So at this point it seems that our definiation of the portrange doesn't work and so by default the traffic is reset. I can't seems to figure out what goes wrong and we don't want to use iRules (we know they can do the same) for company reasons. 

I did already some googling myself but there don't seem to be many similar configurations. To rule out if the matching port criteria were the issue we added all of them in the policy list with the same result. Also in one of the articles further down below they mention to modify the local side of external interface to make it working but we all tried this (even all 4 options) but the result remains the same. At this point i am thinking more in the direction of a bug but i can still be wrong in the logic here...

Current software release we run is BIG-IP 15.1.3 Build 0.150.11 Engineering Hotfix

ltm virtual /Common/VS_XXXXXXXXXXX_STG_1024-1048 {
    creation-time 2021-01-19:11:48:01
    description "XXXXXXXXXXX"
    destination /Common/XX.XX.XX.XX:0
    ip-protocol tcp
    last-modified-time 2021-12-21:17:13:55
    mask 255.255.255.255
    policies {
        /Common/Policy_XXXXXXXXXXX_STG_Public { }
    }
    profiles {
        /Common/tcp { }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port disabled
}

ltm policy /Common/Policy_XXXXXXXXXXX_STG_Public {
    controls { forwarding persistence }
    description "Forward traffic policy based on content for Public XXXXXXXXXXX"
    requires { tcp }
    rules {
        default {
            actions {
                0 {
                    shutdown
                    client-accepted
                    connection
                }
            }
            ordinal 1
        }
        portrange {
            actions {
                0 {
                    forward
                    client-accepted
                    select
                    pool /Common/POOL_XXXXXXXXXXX_STG_1024-1048
                }
                1 {
                    persist
                    client-accepted
                    source-address
                    netmask 255.255.255.255
                    timeout 57600
                }
            }
            conditions {
                0 {
                    tcp
                    client-accepted
                    port
                    greater-or-equal
                    values { 1024 }
                }
                1 {
                    tcp
                    client-accepted
                    port
                    less-or-equal
                    values { 1048 }
                }
            }
        }
    }
    strategy /Common/first-match
}

Links we already used:

https://community.f5.com/t5/technical-articles/three-ways-to-specify-multiple-ports-on-a-virtual-server/ta-p/285101 
https://f5partnerdashboard.force.com/DevCentral/s/question/0D51T00008694asSAA/use-ltm-policies-to-create-a-vip-listening-on-specific-ports 
community.f5.com/t5/technical-forum/ltm-policy-to-select-pool-based-on-tcp-port-is-not-working/td-p/225065